Hacker News new | ask | show | jobs
Show HN: Auto-OTP: automatically send and receive OTPs, end-to-end encrypted (auto-otp.com)
20 points by apugoneappu 1621 days ago
7 comments
apugoneappu 1621 days ago
Hi HN. My name is Apoorve, I am 23 year old undergraduate student.

I share a lot of internet accounts (Netflix, prime etc.) with my friends and family, and recently have been in OTP (one-time-password) hell. I built Auto-OTP to securely send and receive OTPs from people I trust.

This is mostly meant as a beta release so please do check it out and share your feedback :)

link
saimiam 1621 days ago
I built something similar with Shortcuts or whatever the iOS automation thing is called.

1. Receive otp 2. Launch automation which posts entire message content to url 3. Broadcast message to other people in my circle.

It works fine so long as my OTPs arrive correctly.

link
apugoneappu 1621 days ago
Hey, that’s pretty cool!

I have a question about your method - Are all messages broadcasted to the server? If only the ones with an OTP, are OTP messages for all apps broadcasted to those people?

In Auto-OTP, the OTP can be forwarded to different people app-wise. For example, you may choose who should receive the OTP for app1, who receives for app2 etc.

link
saimiam 1620 days ago
I have a rule which searches for the keyword OTP in incoming SMSes so not all messages get forwarded.

With this Shortcut her information is posted to a url, iOS requires the user to click okay to execute the action. So, you still have control on whether a message gets broadcast or not.

E.g., if a friend messages me asking “hey, did you get the OTP?”, my shortcut will prompt me to broadcast the SMS via the url but I can choose not to.

link
apugoneappu 1620 days ago
Oh, that's amazing! Thanks for the reply :)
link
advisedwang 1621 days ago
Can someone explain what the use case for this is?

I clearly am not the target audience as I've never forwarded an OTP... but I'm curious what other people are doing that makes this needed.

link
apugoneappu 1621 days ago
Hey!

The primary use case is for multiple people wanting to access an account that is behind 2FA.

Example of such folks are - 1) My dad wanting to access my bank account details without having to trouble me 2) Me wanting to login to my brother’s OTT accounts (hotstar, prime etc.) 3) CAs needing bank access for small business owners

link
JadoJodo 1621 days ago
Feedback: The "Lifetime" pricing shows "$90/mo". I suspect this is supposed to be "$90", but I'm not certain.
link
apugoneappu 1621 days ago
Thanks so much, fixed it! :)
link
kevincox 1621 days ago
You should probably define "OTP" somewhere on the page. Maybe just spell it out "One Time Password (OTP)" the first time you use it.
link
apugoneappu 1621 days ago
Thanks for the feedback! I feel so dumb, gonna fix first thing in the morning :)
link
nocsi 1621 days ago
So this automatically degrades 2-factor to… 1 factor again. The security model doesn’t instill a lot of confidence in me, being that you expect user-interaction as a means of security. It’s already bad enough people are tying their OTP with their credentials in password managers…
link
apugoneappu 1621 days ago
It’s still 2 factor, just that a few permitted people have access to the one time password. It’s identical to manually sharing the OTP, just automated.

> The security model doesn’t instill a lot of confidence in me, being that you expect user-interaction as a means of security.

Could you please elaborate on what this means?

link
jafjaf 1619 days ago
they are describing a trend where security is omitted or skipped because it’s inconvenient. even though OTP is used to increase security, it’s inconvenient for people so they go around it like this.
link
iamshnik 1621 days ago
Seems like a very useful product. Will give it a try
link
apugoneappu 1621 days ago
Thanks a lot! Looking forward to your feedback
link